First published: Wed May 06 2020
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Firepower Threat Defense | >=6.2.0, <6.2.3.16 | |
Cisco Firepower Threat Defense | >=6.3.0, <6.3.0.6 | |
Cisco Firepower Threat Defense | >=6.4.0, <6.4.0.9 | |
Cisco Firepower Threat Defense | >=6.5.0, <6.5.0.5 | |
Cisco Adaptive Security Appliance Software | >=9.6.0, <=9.6.4.40 | |
Cisco Adaptive Security Appliance Software | >=9.8.0, <=9.8.4.17 | |
Cisco Adaptive Security Appliance Software | >=9.9.0, <=9.9.2.66 | |
Cisco Adaptive Security Appliance Software | >=9.10.0, <=9.10.1.37 | |
Cisco Adaptive Security Appliance Software | >=9.12.0, <=9.12.3.7 | |
Cisco Adaptive Security Appliance Software | >=9.13.0, <=9.13.1.7 | |
Cisco ASA 5506-X | | |
Cisco ASA 5506H-X | | |
Cisco ASA 5506W-X | | |
Cisco ASA 5508-X | | |
Cisco ASA 5516-X | | |
Cisco ASA 5525-X | | |
Cisco ASA 5545-X | | |
Cisco ASA 5555-X | | |
CVE-2020-3298 is a vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) by reloading the affected device.
CVE-2020-3298 affects Cisco Adaptive Security Appliance (ASA) Software versions 9.6.0 to 9.6.4.40, 9.8.0 to 9.8.4.17, 9.9.0 to 9.9.2.66, 9.10.0 to 9.10.1.37, 9.12.0 to 9.12.3.7, 9.13.0 to 9.13.1.7, and Cisco Firepower Threat Defense (FTD) Software versions 6.2.0 to 6.2.3.16, 6.3.0 to 6.3.0.6, 6.4.0 to 6.4.0.9, 6.5.0 to 6.5.0.5.
CVE-2020-3298 has a severity rating of 7.5 (High).
To fix CVE-2020-3298, update Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software to a fixed version, following the recommendations provided by Cisco.
You can find more information about CVE-2020-3298 on the official Cisco Security Advisory: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ospf-dos-RhMQY8qx)